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DETAILED ACTION 

Continued Examination Under 37 CFR 1.114 

1 . A request for continued examination under 37 CFR 1.114, including the fee set forth in 
37 CFR 1 .17(e), was filed in this application after final rejection. Since this application is 
eligible for continued examination under 37 CFR 1.1 14, and the fee set forth in 37 CFR 1.17(e) 
has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 
37 CFR 1.1 14. Applicant's submission filed on 12/28/2009 has been entered. 

Response to Arguments 

2. In communications filed on 12/28/2009, applicant amends claims 1, 3, 13, 14, and 19; 
cancels claims 23-31. The following claims 1-22 are presented for examination. 

3. Applicant's arguments, pages 7-9, filed on 12/28/2009, with respect to the rejection of 
claims 1-22 have been fully considered, but they are not persuasive as amended. The 
independent claims have been amended to recite "and the policy state token is represented as a 
transparent proxy cookie that maintains a relationship among the client, transparent proxy, and 
the origin server". Applicant has not shown how the claims as amended have overcome the prior 
art. Applicant mentions (see page 7), "Applicant has clarified what the features of a transparent 
proxy are as noted by the Appeal's Board as lacking to distinguish over Makarios and the 
proposed combination. As such Applicant respectfully believes the deficiencies noted by the 
Appeal's Board have been addressed." However, applicant's amendment about transparent 
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proxy cookie does not clarify any features about transparent proxy as noted by the Board. In 
addition, Makarios discloses a transparent proxy cookie that is managed by the transparent 
proxy on the client and that maintains a relationship among the client, transparent proxy, and 
the origin server as noted by the Board (see pages 5-6 and page 1 1 on Decision on Appeal). 
Applicant has not overcome the rejection of the claims as amended and Examiner maintains the 
rejections. 

Claim Rejections - 35 USC § 103 

4. The following is a quotation of 35 U.S. C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or 
described as set forth in section 102 of this title, if the differences between the subject matter 
sought to be patented and the prior art are such that the subject matter as a whole would have 
been obvious at the time the invention was made to a person having ordinary skill in the art to 
which said subject matter pertains. Patentability shall not be negatived by the manner in which 
the invention was made. 

Claims 1-3, 7-17, and 20-22 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over US Patent 6,401,125 to Makarios et al in view of US Patent 6,003,084 to Green et al. 

As per claim 1, Makarios et al substantially teaches a method for brokering state 
information exchanged between computers using at least one protocol above a transport layer, 
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the method comprising the steps of receiving at a proxy a request from a client requesting a 
resource of an origin server wherein the transparent proxy is unknown to the client (column 4, 
lines 53-56) the proxy disclosed meets the recitation of transparent proxy as the proxy is 
unknown to the client as the client sends the URL directly to a server. Makarios et al discloses 
redirecting the client request from the proxy to a policy module (a signup web page with an 
address) that meets the recitation of policy module with identifier of claim 14 (column 4, lines 
51-53 and column 5, lines 10-15); obtaining enforcement data provided by the policy module 
(column 5, lines 15-27 and column 3, lines 1-10); a proxy cookie is generated in response to 
login information of the user and transmitting to the user to use as an authentication for further 
interactions with the proxy that meets the recitation of generating at the transparent proxy a 
policy state token in response to the policy enforcement data (column 5, lines 19-51); and 
transmitting the policy state token from the proxy to the client wherein the policy state token is 
used as an authentication of the client to the transparent proxy for subsequent interactions 
between the client and the transparent proxy (see column 5, lines 19-23). Makarios et al 
discloses and the policy state token is represented as a transparent proxy cookie that maintains a 
relationship among the client, transparent proxy, and the origin server (see column 5, lines 14- 
23). Although Makarios et al discloses the claimed method steps of claim 1, Makarios et al 
does not provide enough details on the architecture implemented in the invention. Green et al in 
an analogous art teaches a memory configured at least in part by a transparent proxy process, a 
processor for running the transparent proxy process, (see figure 1) at least one link for networked 
communication between the transparent proxy process, on the one hand, and a client computer 
and an origin server, on the other hand, for example (see figures 2 and 3); Green et al further 
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teaches a secure transparent proxy is unknown to the client, the transparent proxy is transparent 
to both a client and a server (column 9, lines 5-12) and transmitting packets in accordance with a 
defined security policy (column 5, lines 25-30) having a security module to verify whether to 
grant or deny access to proxy services (column 7, line 48 through column 8, line 25 and column 
9, line 12-67). Green et al discloses a transparent proxy comprising a connection manager and a 
security manager that meets the recitation of policy module residing within the same environment 
with the transparent proxy (see figure 3b and column 5, lines 34-40). In one embodiment, the 
proxy comprises a connection manager and a security manager that meets the recitation of policy 
module residing within the same environment with the transparent proxy (see figure 3b and 
column 5, lines 34-40), the proxy incorporates features of both application gateways and proxies 
to better serve client or the server depending on which side caused the firewall action to be 
triggered; and further discloses several advantages of the invention associated with the 
transparent proxy (column 5, lines 55 through column 6, line 20). Green et al discloses wherein 
policy enforcement data is received from the policy module because as the client transfers data 
request to the proxy, requesting information from a server, the proxy comprises modules and 
components wherein a connection manager operates with a security monitor which monitors the 
data from the client for conformance with predefined conditions and provides control 
information to the connection manager of the proxy which in turns controls the relay and directs 
it whether to establish connections to the server (see column 8, lines 14-25). In another 
embodiment, the proxy uses a filter component that also meets the recitation of policy module, 
and the filter component processes the policy enforcement data an returns status to the 
communication component of the proxy, based on the status, the proxy communicates 
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accordingly to the server (see column 10, lines 28-47). Therefore, it would have been obvious to 
one of ordinary skilled in the art at the time the invention was made to modify the invention of 
Makarios et al to implement some of the features of the inventive concept of Green et al, which 
provides a transparent proxy comprising security modules with more security and more 
versatility as taught by Green et al. One skilled in the art would have been motivated to do so 
because the transparent proxy disclosed by Green et al is transparent to both the client and the 
server, incorporating features of both application gateways and proxies, easy to configure, (see 
column 5, line 55 through column 6, line 20), it also provides more security and more versatility 
where additional filtering may be performed as desired, and it is associated with policy module 
that allows the proxy to use any defined protocols in accordance to defined security policy and 
provides transparency wherein no devices need to change any configuration information (column 
9, lines 11-60). 

As per claim 14-17, Makarios et al substantially teaches a transparent proxy server 
comprising: memory configured at least in part by a transparent proxy process, a processor for 
running the transparent proxy process, (see figure 1 and column 4, lines 29-34) at least one link 
for networked communication between the transparent proxy process, on the one hand, and a 
client computer and an origin server, on the other hand (see fig. 1) 

wherein the client computer directs a request for a resource to an origin server and the 
request is intercepted by the transparent proxy process which is unknown to the client (column 4, 
lines 53-56) the proxy disclosed meets the recitation of transparent proxy as the proxy is 
unknown to the client as the client sends the URL directly to a server. Makarios et al discloses 



Application/Control Number: 09/484,69 1 Page 7 

Art Unit: 2433 

redirecting the client request from the proxy to a policy module (a signup web page with an 
address) that meets the recitation of policy module with identifier which identifies a policy 
module that grants or denies authorization of proxy services to the client computer; Makarios 
et al discloses obtaining enforcement data provided by the policy module (column 5, lines 15-27 
and column 3, lines 1-10); a proxy cookie is generated in response to login information of the 
user and transmitting to the user to use as an authentication for further interactions with the 
proxy in response to the policy enforcement data (column 5, lines 19-51) that meets the recitation 
of by acquiring policy enforcement data and attempting to authenticate the client computer to 
the transparent proxy process in response to the policy enforcement data (column 4, lines 51-53 
and column 5, lines 10-15); and transmitting the policy state token from the proxy to the client 
wherein the policy module authenticates the client computer to the transparent proxy process for 
subsequent interactions between the client and the transparent proxy process (see column 5, 
lines 9-23). Makarios et al discloses and the transparent proxy creates a transparent proxy 
cookie for the relationship among the client, transparent proxy, and the origin server and the 
transparent proxy managed the transparent proxy cookie on the client (see column 5, lines 14- 
23, note that the system is a computer program running on the transparent proxy (col. 4, 11. 30- 
33)). 

Although Makarios et al discloses the claimed server of claim 14, Makarios et al does 
not provide enough details on the architecture implemented in the invention. Green et al in an 
analogous art teaches a memory configured at least in part by a transparent proxy process, a 
processor for running the transparent proxy process, (see figure I) at least one link for 
networked communication between the transparent proxy process, on the one hand, and a client 
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computer and an origin server, on the other hand, for example (see figures 2 and 3); Green et al 
further teaches a secure transparent proxy is unknown to the client, the transparent proxy is 
transparent to both a client and a server (column 9, lines 5-12) and transmitting packets in 
accordance with a defined security policy (column 5, lines 25-30) having a security module to 
verify whether to grant or deny access to proxy services (column 7, line 48 through column 8, 
line 25 and column 9, line 12-67). Green et al discloses a transparent proxy comprising a 
connection manager and a security manager that meets the recitation of policy module processes 
within a same environment as the transparent process (see figure 3b and column 5, lines 34-40). 
In one embodiment, the proxy comprises a connection manager and a security manager that 
meets the recitation of policy module residing within the same environment with the transparent 
proxy process (see figure 3b and column 5, lines 34-40), the proxy incorporates features of both 
application gateways and proxies to better serve client or the server depending on which side 
caused the firewall action to be triggered; and further discloses several advantages of the 
invention associated with the transparent proxy (column 5, lines 55 through column 6, line 20). 
Green et al discloses a policy module that grants or denies authorization of proxy services to the 
client computer by acquiring policy enforcement data because as the client transfers data request 
to the proxy, requesting information from a server, the proxy comprises modules and 
components wherein a connection manager operates with a security monitor which monitors the 
data from the client for conformance with predefined conditions and provides control 
information to the connection manager of the proxy which in turns controls the relay and directs 
it whether to establish connections to the server (see column 8, lines 14-25). In another 
embodiment, the proxy uses a filter component that also meets the recitation of policy module, 
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and the filter component processes the policy enforcement data an returns status to the 
communication component of the proxy, based on the status, the proxy communicates 
accordingly to the server (see column 10, lines 28-47). Therefore, it would have been obvious to 
one of ordinary skilled in the art at the time the invention was made to modify the invention of 
Makarios et al to implement some of the features of the inventive concept of Green et al, which 
provides a transparent proxy comprising security modules with more security and more 
versatility as taught by Green et al. One skilled in the art would have been motivated to do so 
because the transparent proxy disclosed by Green et al is transparent to both the client and the 
server, incorporating features of both application gateways and proxies, easy to configure, (see 
column 5, line 55 through column 6, line 20), it also provides more security and more versatility 
where additional filtering may be performed as desired, and it is associated with policy module 
that allows the proxy to use any defined protocols in accordance to defined security policy and 
provides transparency wherein no devices need to change any configuration information (column 
9, lines 11-60). 

As per claims 2-3, Makarios et al discloses the limitation of receiving at the proxy a 
renewed request for the origin server resource, the renewed request containing the policy state 
token, wherein the renewed request contains the policy state token in the transparent proxy 
cookie in a header sent from the client to the proxy, for example (column 5, lines 25-32). 
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As per claims 7-8, Makarios et al teaches the limitation of wherein HTTP or HTTPS is 
a protocol used during at least one of the receiving and transmitting steps (column 3, lines 30- 
67). 

As per claim 10, the combination of Makarios et al and Green et al teaches directory 
access protocol for authentication of client that meets the recitation of utilizing LDAP as a 
software to provide authentication information about the client and the transparent policy 
enforcement data obtained by the transparent proxy depends on the authentication thus provided 
(Green et al, column 9, lines 12-47). Therefore, claim 10 is rejected on the same rationale as the 
rejection of claim 1. 

Claims 9 and 11 are similar to the rejected claim 10 except for utilizing Novell 
Directory Services and SSL software respectively instead of LDAP. Green et al discloses other 
directory service protocols and any protocols used in X400's X500's. Therefore using NDS or 
SSL would have been obvious to one skilled in the art, as these protocols are well known. 
Therefore, claims 9 and 1 1 are rejected on the same rationale as the rejection of claim 1. 

As per claim 12, Makarios et al. teaches the limitation of wherein the obtaining step 
extracts policy enforcement data from a redirection address field (see column 3, lines 1-10). 
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As per claim 13, Makarios et al. teaches the limitation of wherein the transmitting step 
transmits the policy state token in the transparent proxy cookie in a header sent from the proxy to 
the client (column 10-32). 

As per claims 20-22, claim 20 adds another proxy with similar limitations as the rejected 
claim 14. To one with ordinary skilled in the art, the network can comprise of any number of 
clients and servers and adding more than one proxy to share some of the functions would have 
been a design choice and obvious to one skilled in the art because assigning proxies to handle 
specific functions or protocols is well known in the art. 

5. Claims 4, 6, 18, and 19 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
US Patent 6,401,125 to Makarios et al in view of US Patent 6,003,084 to Green et al as applied 
to claims 1-3 above and further in view of US Patent Publication US 2002/0007317 to 
Callaghan et al. 

As per claim 4, Makarios et al discloses stripping in the proxy cookie to customize the 
client's information request as appropriate to the server (column 3, lines 1-10). Callaghan et al. 
in an analogous art teaches the step of forwarding to the origin server a portion of the renewed 
request, the forwarded portion omitting the policy state token (see page 6, paragraphs 88-90). 
Callaghan et al. further teaches in other embodiments the step of stripping off the state token 
(see page 4, paragraph 61 and page 5, paragraph 81). Therefore, it would have been obvious to 
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one of ordinary skilled in the art at the time the invention was made to modify the method as 
combined above to omit the policy state token when forwarding the request to server. One 
skilled in the art would have been motivated to do so because by omitting the policy state token 
the proxy can maintain the proxy cookie information secret to the server. The other advantage of 
adding and omitting state information as disclosed by Callaghan et al is that it enables a proxy 
to customize request and response as it fits to the proxy (page 4, paragraphs 61-62). 

As per claim 6, Callaghan et al. teaches further comprising the steps at the proxy of 
forwarding to the client at least a portion of a communication from the origin server, and 
forwarding to the origin server at least a portion of a communication from the client (page 5, 
paragraphs 81-82). Therefore, claim 6 is rejected on the same rationale as the rejection of claim 
4. 

Claim 18 recites some of the limitations of claims 1 and 4 as discussed above. For 
instance, Green et al discloses transparent proxy service that is transparent to both client and 
server, the combined references above also teach the step of accepting the authorization from the 
client with a renewed client request for the origin server resource; forwarding the renewed client 
request to the origin server without forwarding the authorization but with an indication to the 
origin server that the transparent proxy server is the source of the forwarded request, and then 
transparently forwarding the requested resource from the origin server to the client as mentioned 
in claims 1 and 4. Therefore claim 18 is rejected on the same rationale as the rejection of claims 
1 and 4. 
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As per claim 19, Makarios et al teaches the limitation of wherein the transparent proxy 
server sends the client the authorization by sending the client a proxy cookie for use in 
subsequent communications from the client, for example (see column 5, lines 19-51). 

6. Claim 5 is rejected under 35 U.S.C. 103(a) as being unpatentable over US Patent 
6,401,125 to Makarios et al in view of US Patent 6,003,084 to Green et al, in view of US 
Patent Publication US 2002/0007317 to Callaghan et al as applied to claim 4 above and further 
in view of US Patent 5,805,803 to Birrell et al.. 

As per claim 5, Makarios et al discloses an example of reply containing an origin state 
token for use by the proxy in its subsequent communications with a (column 5, lines 55-65). It is 
obvious to one skilled to the art that the same concept can be applied in the server side (see 
figure 2) as the proxy is capable of saving the cookie for future interactions with the server. 
Green et al discloses transparency with both the server and the client and discloses interaction 
between the proxy and the server (column 11, lines 5-17). Birrell et al. in an analogous art 
discloses receiving at the proxy a reply from the origin server, the reply containing an origin 
state token for use by the proxy in its subsequent communications with the origin server, for 
example (see column 4, lines 51-65). Therefore, it would have been obvious to one of ordinary 
skilled in the art at the time the invention was made to modify the method as combined above to 
include the step of receiving at the proxy a reply from the origin server, the reply containing an 
origin state token for use by the proxy in its subsequent communications with the origin server. 
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One skilled in the art would have been motivated to do so because using the origin state token for 
use by the proxy in its subsequent communications with the origin server will allow the proxy to 
save in time and bandwidth if the server is already known to the server rather than authenticating 
at every session (column 4, lines 51-65 and 13-26). 

Conclusion 

7. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to CARL COLIN whose telephone number is (571)272-3862. The 
examiner can normally be reached on Monday through Thursday, 8:00-6:30 PM. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kieu-Oanh (Krista) Bui can be reached on 571-272-7291 . The fax phone number for 
the organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http ://pair-direct .uspto . gov . Should you have questions on access to the Private 
PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 



/Carl Colin/ 

Primary Examiner, Art Unit 2433 
January 18,2010 



